class UsersController < ApplicationController
  
  before_filter :authorize_book, :only => [:create, :update, :destroy, :new, :edit]
  # GET /users
  # GET /users.json
   protected
  def authorize_book
    if User.find_by_id(session[:user_id])
      user = User.find_by_id(session[:user_id])
      if user.level==2
        redirect_to librarian_index_url, :notice => "you can't access this page"
      elsif user.level==3
        redirect_to students_index_url, :notice => "you can't access this page"
      end
    else
      redirect_to login_url
    end
  end
  
  public
  
 # def upload
    # uploaded_io = params[:user][:image_url]
    # File.open(Rails.root.join('public', 'uploads', uploaded_io.original_filename), 'w') do |file|
      # file.write(uploaded_io.read)
    # end
  # end
  
  def index
    # @users = User.order(:username)
    @users = User.find(:all)
    
    # @users = User.find(:all).sample(3)  # Load random 3 user

    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @users }
    end
  end

  # GET /users/1
  # GET /users/1.json
  def show
    @user = User.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @user }
    end
  end

  # GET /users/new
  # GET /users/new.json
  def new
    @user = User.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @user }
    end
  end

  # GET /users/1/edit
  def edit
    @user = User.find(params[:id])
  end

  # POST /users
  # POST /users.json
  def create
    @user = User.new(params[:user])

    respond_to do |format|
      if @user.save
        format.html { redirect_to(users_url,:notice => "User #{@user.username} was successfully created.") }
        format.json { render json: @user, status: :created, location: @user }
      else
        format.html { render action: "new" }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /users/1
  # PUT /users/1.json
  def update
    @user = User.find(params[:id])

    respond_to do |format|
      if @user.update_attributes(params[:user])
        format.html { redirect_to(users_url,:notice => "User #{@user.username} was successfully updated.") }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.json
  def destroy
    @user = User.find(params[:id])
    @user.destroy

    respond_to do |format|
      format.html { redirect_to users_url }
      format.json { head :no_content }
    end
  end
end
